Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
admin/ui
Describe the bug
With one of recent Keycloak updated the "sub" claim is no longer added by default to the access token. It has been reworked into a mapper and a client scope "basic". This is working as designed for real clients but if you go to Clients->Client scopes->Evaluate the sub claim is always present in the access token even if "basic" client scope is not set to Default.
Version
26.0.0
Regression
- The issue is a regression
Expected behavior
I expect that the access token in admin ui evaluate function is identical to an access token retrieved by a real client, especially only containing the "sub" claim if added by a mapper or via the "basic" client scope.
Actual behavior
The "sub" claim is always displayed in the access token.
How to Reproduce?
Just create a simple client with default and click on evaluate in the client scopes, take a look at the access token. It contains the "sub" claim though not mapped.
Anything else?
No response